As root, I can add user specific cron job by crontab -u user1 -e . There I can mention a shell script say runbackup.sh to get executed.
Since runbackup.sh script is used for many users, the script need to know the username (here user1) to do some user specific actions.
How the runbackup.sh could get the username when cron job invokes it?
Thanks,
Use "whoami" in your script runbackup.sh will shows who is excuting the shell.
Every user's cron job will start a shell process. So Every whoami show the running users' name.
Pls note that: All Users have permition to files mentioned in runbackup.sh.
Related
I have a small elif script that has 4 options. I will need to make a user that has permissions to run just that script on login and when it finishes with the script to log him out.
I am trying to do it trough /etc/passwd like this:
user:x:1003:1003::/home/user:script.sh
When already connected with root and then "su" to user, it executes the script.
The issue is that the user cant connect trough putty and execute the script, which is the goal of what i am trying to do.
Any advise is welcome and appreciated.
Cheers,
Try giving the full path to script.sh in passwd. Even if this file is in the $PATH when you su to the user, it isn't necessarily in the $PATH in an SSH session. The SSH session might provide an environment that is different in other ways, too.
Try a normal user with adduser and then edit two files in his home...
# .profile
logout
...and...
# .bash_logout
clear
When this user logs in ( with ssh/PuTTY ) then .profile logs him out and .bash_logout is executed too. So you can decide to do something at login or logout or twice.
I am trying to find a way to record every single command that is executed by any user on the system.
Things that I have came across earlier.
It is possible to view shell commands executed from the terminal using ~/.bashrc_history file.
There is a catch here, It logs only those commands which were executed interactively from bash shell/terminal.
This solves one of my problems. But in addition to it, I would like to log those commands also which were executed as a part of the shell script.
Note: I don't have control over shell script. Therefore, adding verbose mode like #!/bin/bash -xe is not possible.
However, this can be assumed that I have root access as a system administrator.
Eg: I have another user that has access to the system. And he runs the following shell script using from his account.
#!/bin/sh
nmap google.com
and run as "$ sh script.sh"
Now, What I want is "nmap google.com" command should be logged somewhere once this file is executed.
Thanks in advance. Even a small help is appreciated.
Edit: I would like to clarify that users are unaware that they are being monitored. So I need a solution something at system level(may be agent running with root). I cannot depend on user to log suspicious activity. Of-course everyone will avoid such tricks to put blame on someone else if they do something fishy or wrong
I am aware that you were asking for Bash and Shell scripting and tagged your question accordingly, but in respect to your requirements
Record every single command that is executed by any user on the system
Users are unaware that they are being monitored
A solution something at system level
I am under the assumption that you are looking for Audit Logging.
So you may take advantage from articles like
Log all commands run by Admins on production servers
Log every command executed by a User
You can run the script in this way:
execute bash (it will override the shebang)
ts to prefix every lines
logs both in terminal and files
bash -x script.sh |& ts | tee -a /tmp/$(date +%F).log
You may ask the other user to create an alias.
Edit:
You may also add this into /etc/profile (sourced when users login)
exec > >(tee -a /tmp/$(date +%F).log)
Do it also for error output if needed. Keep it splited.
I have set up cron jobs for my SugarCRM as requested by Sugar:
But when we look at last runs it does not seem to work or show anything.
I am using this for email reminders, mail check and also scheduled campaign run.
Is command-line php on your system installed and the executable in whatever PATH that cronjob is using?
If not make sure to specify the full path, e.g. /usr/bin/php or /usr/local/bin/php are common.
Also based on your operating system/distribution the php command line executable may have a different name, e.g. php5.
Make sure to use the web-process user's crontab or execute php with sudo -u webprocessusername, so that the cronjob will be executed with the correct permissions.Running the cronjob as different user or even root is usually not a good idea.
To see potential error messages replace > /dev/null e.g. with > /tmp/sugarcron.log or > /path/to/webfolder/sugarcron.txt and check the file after a minute.
Further info on the SugarCRM Knowledge Base:
Introduction to Cron Jobs
Troubleshooting Cron and Schedulers
I want to setup crontab to run same jobs for every user on linux, is there any way just to specify the job and it will run for every user ?
Thanks
One option is to add your scripts to root/system crontab like,
either copy your scripts to
/etc/cron.daily/
/etc/cron.hourly/
/etc/cron.monthly/
/etc/cron.weekly/
or
sudo crontab -e
and then add new entry for your script.
And the problem with this option is all commands in script run with administrative privileges (i.e. they are generally run using sudo).
Any user can execute "crontab -e" (without sudo) and put your commands, obviously the user must have permissions to execute commands.
I believe /etc/crontab is global, you can add jobs to run for all users to that file.
What I am unsure about is whether you need to restart the cron service for the changes to take affect
I'm having a peculiar issue with a shell script that I have set to run every minute via crontab.
I use Pelican as a blog platform and wanted to semi-automate the way in which the site updates whenever there's a new post. To do this, I've created a script to look for a file called respawn in the same directory as the content (it syncs via Dropbox so I simply create the file there which syncs to the server).
The script is written so that if the file respawn exists then it rebuilds the blog and deletes it. If it's not, it exits instead.
Here's the script called publish.sh
#!/bin/bash
Respawn="/home/user/content/respawn"
if [ -f $Respawn ]
then
sudo /home/user/sb.sh;rm $Respawn
else
exit 0
fi
exit 0
Here's the crontab for the shell script
* * * * * /home/user/publish.sh
And finally, here's the contents of sb.sh
make html -C /var/www/site/
Now, if I run the script via SSH and respawn exists, it works perfectly. However, if I let the cron do it then it doesn't run the shell script but it still deletes the respawn file.
I have one other cron job that runs every 4 hours that simply runs sb.sh which works perfectly (in case I forget to publish something).
I've tried using the user's crontab as well as adding it to root instead and I've also added the user to the sudoers file so it can be run without password intervention. Neither seem to work. Am I missing something?
It must be sudo. cron can't input the password.
Check mail for the user running the cron to confirm. Something like sudo: no tty present.
Try changing sudo /home/user/sb.sh;rm $Respawn to
/home/user/sb.sh;rm $Respawn
sudo is not necessary to run your command in this context, since it'll be invoked as root anyway.